From Bloomberg: "Microsoft, the world's largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes." The lid has officially been blown off.

You missed an important step.
1.5 issue an advisory with details on the exploit and how users can protect themselves and what workarounds are available, if any.
This should be done no more than a week after step 1.